Send email on firewall warning

Is there a way (or script in conjunction with a package) that allows the OpenWrt device to send an email (configuring an SMTP account with the normal security methods like username and password, SSL on 465 or TLS on 587) when a firewall warning pops out (or, for example, to send you a log at 00:00 hours every day)?

http://www.gnuton.org/blog/2016/01/openwrt-sending-logs-via-email/

Package msmtp

Well, I went with your suggestion but with some slight changes. First, as the instructions say, I've installed the "ssmtp", "diffutils" and "sendmail" packages, then edited these config files:

/etc/ssmtp/ssmtp.conf

root=useraddress@domain.com
mailhub=mail.domain.com:465
rewriteDomain=domain.com
hostname=domain.com
FromLineOverride=YES
UseTLS=YES
UseSTARTTLS=Yes
AuthUser=(username, commonly useraddress@domain.com)
AuthPass=(account password)
AuthMethod=LOGIN

/etc/ssmtp/revaliases

root:useraddress@domain.com:mail.domain.com:465

Create the file /etc/ssmtp/logWatch.sh and chmod +x it

#!/bin/sh
# This script filters the logs and sends them via mail

# Installation on OpenWrt
# - opkg update && opkg install diffutils
# - install and set up ssmtp (https://fleshandmachines.wordpress.com/2014/09/14/openwrt-automatic-email-sending/)
# - add it to crontab

# Rules
RULES="grep -v info"
MAIL="destinationaddress@otherdomain.com"

# DO NOT TOUCH
OLD_LOG=/tmp/oldlog
NEW_LOG=/tmp/newlog

touch "$OLD_LOG"
logread > "$NEW_LOG"

# Lines present in the new log but not in the old one, filtered by RULES
DIFF=$(diff "$NEW_LOG" "$OLD_LOG" | grep -v ^--- | grep ^- | $RULES)

if [ -z "$DIFF" ]; then
 echo "No changes exit"
 exit 0
fi
echo "Mailing logs"
# Pipe the Subject header, a blank separator line and the body to sendmail as one message
{ echo "Subject: Log activity detected on $HOSTNAME"; echo; echo "$DIFF"; } | sendmail -f useraddress@domain.com -v "$MAIL"
mv "$NEW_LOG" "$OLD_LOG"

Then create a cron job on System > Scheduled Tasks

0 0 * * * /etc/ssmtp/logWatch.sh

With this, the log of the firewall is sent to destinationaddress@otherdomain.com every day at 00:00 hours.

PS: A little more, I saw the possibility of making the router send me an email every time the router reboots.

Create a file at /etc/init.d/emailafterreboot

#!/bin/sh /etc/rc.common
# Example script
# Copyright (C) 2007 OpenWrt.org

START=99
STOP=100

start() {
        echo start of the email sending after reboot
        # Pipe the Subject header, a blank separator line and the log to sendmail as one message
        { echo "Subject: Log activity detected $HOSTNAME"; echo; logread; } | sendmail -f useraddress@domain.com -v destinationaddress@otherdomain.com
}

stop() {
        echo stop
        # commands to kill application
}

boot() {
        echo start of the email sending after reboot
        # Same message as start(), sent when the init script runs at boot
        { echo "Subject: Log activity detected $HOSTNAME"; echo; logread; } | sendmail -f useraddress@domain.com -v destinationaddress@otherdomain.com
}

Then:

chmod +x /etc/init.d/emailafterreboot
/etc/init.d/emailafterreboot enable

You can test this script by

/etc/init.d/emailafterreboot boot

1 Like
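
A variant of the log-watch idea from the post above, added here as an example and not code from the thread or from any package mentioned in it: it reports only warning-or-worse entries that appeared since the last run, without diffutils, and keeps the hostname from adding header lines. Assumptions: `logread` prints the `facility.level` pair as the sixth field, and the state file path and function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: logread prints the
# facility.level pair (e.g. kern.warn) as the 6th field; paths are placeholders.
STATE=/tmp/logwatch.last   # hypothetical: last log line already processed
FROM="useraddress@domain.com"
TO="destinationaddress@otherdomain.com"

# Print the lines of log snapshot $1 that follow the line stored in file $2.
# If that line is gone (ring buffer wrapped, reboot), print the whole snapshot.
new_lines() {
    LAST=$(cat "$2" 2>/dev/null) awk '
        BEGIN { last = ENVIRON["LAST"] }
        { buf[NR] = $0; if (last != "" && $0 == last) seen = NR }
        END { for (i = seen + 1; i <= NR; i++) print buf[i] }' "$1"
}

# Keep warning-or-worse entries by matching the level field, not a substring.
only_warnings() {
    awk '$6 ~ /\.(warn|err|crit|alert|emerg)$/'
}

# Write headers, a blank separator line, then stdin as the body. $1 = hostname,
# reduced to hostname characters so it cannot add header lines.
build_message() {
    host=$(printf '%s' "$1" | tr -cd 'A-Za-z0-9._-')
    printf 'From: %s\nTo: %s\nSubject: Log activity detected on %s\n\n' \
        "$FROM" "$TO" "$host"
    cat
}

# $1 = log snapshot, $2 = hostname. Prints a message, or returns 1 if there is
# nothing new to report. The state file is advanced either way.
report() {
    body=$(new_lines "$1" "$STATE" | only_warnings)
    tail -n 1 "$1" > "$STATE"
    [ -n "$body" ] || return 1
    printf '%s\n' "$body" | build_message "$2"
}

# Run from cron as: logwatch.sh --send
if [ "${1:-}" = "--send" ]; then
    logread > /tmp/logwatch.now
    msg=$(report /tmp/logwatch.now "$(cat /proc/sys/kernel/hostname)") &&
        printf '%s\n' "$msg" | sendmail -f "$FROM" "$TO"
fi
```

Because only new entries are mailed, the cron interval can be shortened (for example every five minutes) to get close to an alert per firewall warning. `/etc/ssmtp/ssmtp.conf` holds the SMTP password in clear text, so keep it readable by root only.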
